Using and creating an action program
The BMC Defender Server comes with various actions already prepared, described in more detail in later sections. Each preconfigured action is a batch file that is commented and readily modifiable, and that launches an internal program within BMC Defender Server. Each action requires specific arguments, and receives the event data through certain environment variables set on the system.
The basic preconfigured actions, discussed in more detail later, are introduced below. Some of these actions are available as both correlation actions and ticket actions, whereas others apply only to correlation or only to tickets, as noted for each:
| Action program | Description |
|---|---|
| LOGFILE.bat | This action program simply logs the triggering event message to a user-specified file. It is the simplest action, and requires only that the user provide a log file pathname on the system as an argument. This action is available as both a correlation action and a ticket action. |
| RUNSQL.bat | This action program updates a database table named MessageData with message information. The action program requires the pathname of a configuration file as its first argument. More detailed information on using this command is provided later in this section. This action is available as both a correlation action and a ticket action. |
| SENDLOG.bat | This action program sends a syslog message to another syslog server (perhaps another copy of BMC Defender Server running on a different platform, or a Unix syslogd process listening on the network). The action program requires a single argument: the hostname or IP address of the device to which the syslog message is sent. This action is available as both a correlation action and a ticket action. |
| SENDMAIL.bat | This action program sends an e-mail message containing the message information. The action program requires two arguments: the first is the hostname or IP address of an SMTP server, and the second is the e-mail address of the recipient. This action is normally available only as a ticket action. |
| SENDTRAP.bat | This action program sends an SNMP trap corresponding to the message information. The action program requires two arguments: the first is the hostname or IP address of a network manager running a trap receiver (listening on the standard SNMP trap port, 162); the second is the trap community name. A short MIB definition file describing the trap is included later in this section. This action is available as both a correlation action and a ticket action. |
| RELAY.bat | This action is similar to the SENDLOG.bat action described above, except that it relays the syslog message to another copy of BMC Defender Server while preserving the device IP address of the message. (If SENDLOG.bat is used, the IP address of the message becomes that of the BMC Defender Server sending the message.) This action program is mainly useful in a multi-level management strategy, where BMC Defender Server installations at a local level relay messages to a master enterprise version of BMC Defender Server. This action is available as both a correlation action and a ticket action. |
| TUNNEL.bat | This action is similar to the RELAY.bat action described above, except that it uses the BMC Defender Server Encrypted TCP Tunnel process to send messages. The program sends a TCP message to the CO-trecv.exe program running at a remote BMC Defender Server installation, preserving the IP address of the message. This action is mainly useful in a multi-level management strategy where TCP is preferred over UDP. This action is available as both a correlation action and a ticket action. |
| HELPDESK.bat | This action can be used to interface the BMC Defender Server ticketing system with an external helpdesk (in particular BMC Remedy, but also others). The user must manually add the logic for inserting the helpdesk incident by creating or modifying a batch file called HELPDESK_U.bat in the t-actions directory. Assistance from BMC Defender Server support might be required. This action is normally available only as a ticket action. |
| SEND_EPO.bat | This action can be used to interface the BMC Defender Server ticketing system with McAfee ePolicy Orchestrator. (This is a separately licensed option for BMC Defender Server.) The configuration of this action is documented in a separate manual included with each copy of BMC Defender Server. (See the More > User Manuals hyperlink for this manual.) This action is normally available only as a ticket action. |
Using an action program
The preceding action programs might be all that a site needs. However, one particularly powerful feature of BMC Defender Server is the ability to script specialized actions. An administrator can create sophisticated and highly customized action programs to augment the predefined set. These custom action programs can be written or scripted in any language.
The starting point for a new action might be one of the batch files described in the previous section. The TEMPLATE.bat file, included in both the BMC Defender Server/actions and BMC Defender Server/t-actions directories, can also be used to begin the development effort.
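As an added illustration of the action-program contract described above (a batch file that takes its settings as arguments and reads the event from environment variables), the following custom action appends the event to a log file whose pathname is given as the first argument. It is not one of the shipped actions, and the variable names MSG_TIME, MSG_DEVICE and MSG_TEXT are placeholders: the real names are those that TEMPLATE.bat documents for your installation.

```batch
@echo off
rem CUSTOM_LOG.bat - example custom action (not shipped with BMC Defender Server).
rem Usage from the action configuration:  CUSTOM_LOG.bat <logfile-pathname>
rem Assumption: the server exports event fields as environment variables; the
rem names MSG_TIME, MSG_DEVICE and MSG_TEXT are placeholders, not the product's
rem real variable names. Take the real names from TEMPLATE.bat.
setlocal enabledelayedexpansion

rem 1. Argument check: the log file pathname is the one required argument.
if "%~1"=="" (
    echo CUSTOM_LOG: missing log file pathname argument 1>&2
    exit /b 2
)
set "LOGFILE=%~1"

rem 2. Make sure the destination directory exists so the append cannot fail silently.
if not exist "%~dp1" (
    echo CUSTOM_LOG: directory %~dp1 does not exist 1>&2
    exit /b 3
)

rem 3. The event fields come from the device that sent the message, so treat them
rem as untrusted data. Delayed expansion (!VAR!) writes the values after the line
rem has been parsed, so characters such as & | > inside a field are written to the
rem file literally instead of being interpreted as cmd.exe operators.
>>"%LOGFILE%" echo !MSG_TIME! !MSG_DEVICE! !MSG_TEXT!
if errorlevel 1 (
    echo CUSTOM_LOG: could not append to %LOGFILE% 1>&2
    exit /b 4
)

endlocal
exit /b 0
```

The script returns a non-zero exit code for each failure so that a missing argument or an unwritable file shows up in the server's action logging rather than disappearing quietly.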